
Author Topic: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)  (Read 723 times)

Pascal

Hi,

I occasionally get an AV with the following stack trace on closing the app:
#0 TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8) at C:\fpdev\fpc\trunk\fpcsrc\rtl\inc\objpas.inc:337

I have no clue where this happens. Any hints where to look?

Pascal

p.s.: fpc is compiled with -gw3 -gl -O-
app is highly multithreaded
« Last Edit: April 04, 2022, 10:35:16 am by Pascal »
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

rvk

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #1 on: April 04, 2022, 11:07:50 am »
Quote: I have no clue where this happens. Any hints where to look?
Probably not on the place you indicated with the stack. That's just where it ended up.
The problem probably lies completely somewhere else.
Try to follow the stack back to the original object (derived from TObject) and see if it seems familiar.

You can also note what you did different in your program when that AV occurs.
If that happens to be something with that object you can comment out the thread associated with it.
If it helps you can investigate that thread further.

Martin_fr

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #2 on: April 04, 2022, 11:22:33 am »
Most likely a dangling pointer, probably a double free. Or mem corruption...
Do you get any other stack lines? But even if so, they won't indicate where it was originally freed.

If you can test on Linux, run it in "valgrind --tool=memcheck". (no heaptrc / enable -gv )
And maybe one (or both) of the thread check tools too.

Pascal

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #3 on: April 04, 2022, 12:27:42 pm »
Unfortunately it's the only trace line, so I do not see where it was invoked initially. The app is Windows only.

rvk

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #4 on: April 04, 2022, 12:40:21 pm »
If it's only when you close the app you could try to put some logging in every finalization part of every unit to see to where it runs.

Otherwise you'll need some more advanced debugging tool with more complete stack-trace.

Martin_fr

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #5 on: April 04, 2022, 12:53:35 pm »
Well, that could be a lot of work then....

Try heaptrc with environment "keepreleased" (google / search forum / I explained it a few times on the forum...)
You may get lucky with this. Or not.

If you can rebuild fpc, put checks and asserts into "free"

I.e. check if the pvmt is plausible.
Code: Pascal
  // Check the instance pointer first; only dereference it if it is plausible.
  if (PtrUInt(TheObject) < $40000) or ((PtrUInt(TheObject) and $F000000000000000) <> 0) then
    dumpstack // or set breakpoint here
  // The first QWord of the instance is the pvmt.
  else if (PPtrUInt(TheObject)^ < $40000) or ((PPtrUInt(TheObject)^ and $F000000000000000) <> 0) then
    dumpstack; // or set breakpoint here

Maybe you need PtrUInt and PPtrUInt.

The first QWord in the object mem on the heap, is the pointer to the pvmt. And the pointer to the virtual Destroy is in the vmt. The vmt is hardcoded, so given your error I expect the mem in heap to be overwritten with garbage, and the pvmt to be bad.

You could loop to parent vmt, until you reach TObject. But I have a gut feeling, you might not need it.

The built-in check for object methods (is it -CR ?) might not work for you, because it assumes that all pointers are in readable mem, and actually pointing to some class. The built-in check only tests if it is the correct class.
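
Added example, not part of the thread and not the poster's or the FPC project's code: the plausibility check described above done from application code instead of inside a rebuilt RTL, extended with the parent-vmt walk up to TObject. The names PlausibleAddr and LooksLikeObject and the sample data are hypothetical; it assumes a 64-bit target and that SysUtils converts a bad read into EAccessViolation.

```pascal
program CheckedFreeDemo;
{$mode objfpc}{$H+}
uses
  SysUtils; // converts a hardware fault into EAccessViolation

// Hypothetical helper: same address bounds as the check in the post (64-bit).
function PlausibleAddr(Value: PtrUInt): Boolean;
begin
  Result := (Value >= $40000) and ((Value and $F000000000000000) = 0);
end;

// Hypothetical helper: validates the instance pointer, the pvmt in its
// first QWord, and then the parent chain up to TObject.
function LooksLikeObject(Obj: Pointer): Boolean;
var
  C: TClass;
  Depth: Integer;
begin
  Result := False;
  if not PlausibleAddr(PtrUInt(Obj)) then Exit;
  if not PlausibleAddr(PPtrUInt(Obj)^) then Exit;
  try
    C := TClass(PPointer(Obj)^);
    Depth := 0;
    while (C <> nil) and (C <> TObject) and (Depth < 64) do
    begin
      C := C.ClassParent;
      if (C <> nil) and not PlausibleAddr(PtrUInt(C)) then Exit;
      Inc(Depth);
    end;
    Result := (C = TObject);
  except
    on EAccessViolation do
      Result := False; // pvmt pointed at unreadable memory
  end;
end;

var
  Live: TObject;
  Fake: array[0..7] of PtrUInt; // constructed sample data, zero-initialised
begin
  Live := TObject.Create;
  WriteLn('live instance:     ', LooksLikeObject(Live));
  Live.Free;
  Fake[0] := PtrUInt($F0F0F0F0F0F0F0F0); // constructed garbage pvmt
  WriteLn('garbage pvmt:      ', LooksLikeObject(@Fake));
  Fake[0] := PtrUInt(@Fake[1]);          // readable, but not a vmt
  WriteLn('plausible non-vmt: ', LooksLikeObject(@Fake));
end.
```

Calling such a helper just before each suspect Free, and logging the call site when it returns False, narrows down which owner holds the stale reference.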


Martin_fr

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #6 on: April 04, 2022, 12:54:51 pm »
Mind that in your case, using gdb based debugger may get you a better trace than fpdebug.

You can even run it in gdb outside the IDE. Since all you need is to wait for gdb to report the crash, and then do
Code: Text
  bt

Pascal

Re: TObject.Free(Failed to read Mem at Address $FFFFFFFFFFFFFFF8)
« Reply #7 on: April 04, 2022, 01:29:17 pm »
Okay, thanks for the hints. I'll give gdb a try.
